Re: SSHD and PAM

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Thanks Jakub.   so sshd will check nsswitch.conf before refering to
/etc/passwd file. .

Does sssd/NSS has  a way to fetch user names from sources like
RADIUS/TACACS  server?
We wanted to enable RADIUS/TACACS Authentication using PAM and enabling PAM
in sshd.


Regards,
Ivan

On Wed, Jan 3, 2018 at 2:34 PM, Jakub Jelen <jjelen@xxxxxxxxxx> wrote:

> On Wed, 2018-01-03 at 13:50 +0530, Sudarshan Soma wrote:
> > HI, I do see some refernce on it: but seems not closed
> > https://marc.info/?l=secure-shell&m=115513863409952&w=2
> >
> > http://bugzilla.mindrot.org/show_bug.cgi?id=1215
> >
> >
> > Is this patch available in latest versions, 7.6?
>
> No. It never was.
>
> The SSSD is using NSS (Name Service Switch) [1] way of getting
> credentials. It allows to get them from many sources.
>
> [1] https://en.wikipedia.org/wiki/Name_Service_Switch
>
> Regards,
> Jakub
>
> > On Wed, Jan 3, 2018 at 1:48 PM, Sudarshan Soma <sudarshan12s@xxxxxxxx
> > m>
> > wrote:
> >
> > > Hi I am trying to write pam_radius module which talks to RADIUS
> > > server for
> > > aaa.
> > >
> > > I see sshd checks /etc/passwd for user list. Since RADIUS server
> > > has user
> > > list, can sshd ignore this check for RADIUS/TACACS+ authentication,
> > > Please
> > > suggest if there are any flags to control it.
> > >
> > > I am using the following versions.
> > > OpenSSH_6.6p1, OpenSSL 1.0.2n  7 Dec 2017
> > >
> > > I see sssd (NAS) being used for such use cases, how does sshd
> > > ignore
> > > /etc/passwd in those cases.
> > > Please suggest
> > >
> > > Regards,
> > > Ivan.
> > >
> >
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev@xxxxxxxxxxx
> > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> --
> Jakub Jelen
> Software Engineer
> Security Technologies
> Red Hat, Inc.
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux